From 36c4c6e0ce22ffb15479abb18e531109e9ad7e5d Mon Sep 17 00:00:00 2001
From: Matej Hrica <492778@mail.muni.cz>
Date: Sun, 7 May 2023 21:47:48 +0200
Subject: [PATCH] Make weather SecurityFilterChain more explicit

---
 .../cz/muni/fi/pa165/weather/server/config/AppConfig.java    | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/weather/src/main/java/cz/muni/fi/pa165/weather/server/config/AppConfig.java b/weather/src/main/java/cz/muni/fi/pa165/weather/server/config/AppConfig.java
index 6171cdd..70e7db1 100644
--- a/weather/src/main/java/cz/muni/fi/pa165/weather/server/config/AppConfig.java
+++ b/weather/src/main/java/cz/muni/fi/pa165/weather/server/config/AppConfig.java
@@ -1,5 +1,6 @@
 package cz.muni.fi.pa165.weather.server.config;
 
+import cz.muni.fi.pa165.user.client.Authorities;
 import cz.muni.fi.pa165.user.client.UserServiceInterceptionConfigurer;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -21,8 +22,8 @@ public class AppConfig {
                         .requestMatchers("/v3/api-docs/**").permitAll()
                         .requestMatchers(HttpMethod.GET, "/").permitAll()
                         .requestMatchers(HttpMethod.GET, "/swagger-ui.html").permitAll()
-                        // default
-                        .anyRequest().authenticated()
+                        // MANAGER has access to everything in this service
+                        .anyRequest().hasAuthority(Authorities.MANAGER)
                 )
                 .oauth2ResourceServer(OAuth2ResourceServerConfigurer::opaqueToken);
         return http.build();
-- 
GitLab